From 0cd4863585c593f97e0d2759d67b865014b58f53 Mon Sep 17 00:00:00 2001 From: Jason Tedor Date: Wed, 17 Feb 2021 12:41:23 -0500 Subject: [PATCH] Introduce ES_JAVA_HOME (#68954) This commit introduces a dedicated envirnoment variable ES_JAVA_HOME to determine the JDK used to start (if not using the bundled JDK). This environment variable will replace JAVA_HOME. The reason that we are making this change is because JAVA_HOME is a common environment variable and sometimes users have it set in their environment from other JDK applications that they have installed on their system. In this case, they would accidentally end up not using the bundled JDK despite their intentions. By using a dedicated environment variable specific to Elasticsearch, we avoid this potential for conflict. With this commit, we introduce the new environment variable, and deprecate the use of JAVA_HOME. We will remove support for JAVA_HOME in a future commit. --- .ci/os.sh | 2 + Vagrantfile | 1 + .../testclusters/ElasticsearchNode.java | 2 +- distribution/src/bin/elasticsearch-env | 16 ++-- distribution/src/bin/elasticsearch-env.bat | 19 +++-- .../src/bin/elasticsearch-service.bat | 12 +-- docs/reference/setup.asciidoc | 2 +- docs/reference/setup/install/deb.asciidoc | 2 +- docs/reference/setup/install/rpm.asciidoc | 2 +- .../setup/install/sysconfig-file.asciidoc | 2 +- .../setup/install/zip-windows.asciidoc | 18 ++--- modules/reindex/build.gradle | 1 + .../packaging/test/ArchiveTests.java | 81 +++++++++++++++---- .../packaging/test/PackageTests.java | 2 +- .../packaging/test/PackagingTestCase.java | 4 +- .../packaging/test/WindowsServiceTests.java | 12 +-- .../packaging/util/Packages.java | 4 +- .../elasticsearch/packaging/util/Shell.java | 3 +- .../en/security/fips-140-compliance.asciidoc | 4 +- 19 files changed, 129 insertions(+), 60 deletions(-) diff --git a/.ci/os.sh b/.ci/os.sh index 59e8de36af19..1509a2091d29 100755 --- a/.ci/os.sh +++ b/.ci/os.sh @@ -48,6 +48,7 @@ else fi sudo bash -c 'cat > /etc/sudoers.d/elasticsearch_vars' << SUDOERS_VARS + Defaults env_keep += "ES_JAVA_HOME" Defaults env_keep += "JAVA_HOME" Defaults env_keep += "SYSTEM_JAVA_HOME" SUDOERS_VARS @@ -63,6 +64,7 @@ sudo mkdir -p /elasticsearch/qa/ && sudo chown jenkins /elasticsearch/qa/ && ln sudo -E env \ PATH=$BUILD_JAVA_HOME/bin:`sudo bash -c 'echo -n $PATH'` \ RUNTIME_JAVA_HOME=`readlink -f -n $RUNTIME_JAVA_HOME` \ + --unset=ES_JAVA_HOME \ --unset=JAVA_HOME \ SYSTEM_JAVA_HOME=`readlink -f -n $RUNTIME_JAVA_HOME` \ ./gradlew -g $HOME/.gradle --scan --parallel --continue $@ diff --git a/Vagrantfile b/Vagrantfile index 655b4587bcf5..cdabd3a7bacd 100644 --- a/Vagrantfile +++ b/Vagrantfile @@ -461,6 +461,7 @@ def sh_install_deps(config, ensure expect cat \<\ /etc/sudoers.d/elasticsearch_vars +Defaults env_keep += "ES_JAVA_HOME" Defaults env_keep += "JAVA_HOME" Defaults env_keep += "SYSTEM_JAVA_HOME" SUDOERS_VARS diff --git a/buildSrc/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchNode.java b/buildSrc/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchNode.java index f88df5982d3f..844c8e65832c 100644 --- a/buildSrc/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchNode.java +++ b/buildSrc/src/main/java/org/elasticsearch/gradle/testclusters/ElasticsearchNode.java @@ -728,7 +728,7 @@ public class ElasticsearchNode implements TestClusterConfiguration { Map defaultEnv = new HashMap<>(); // If we are testing the current version of Elasticsearch, use the configured runtime Java, otherwise use the bundled JDK if (getTestDistribution() == TestDistribution.INTEG_TEST || getVersion().equals(VersionProperties.getElasticsearchVersion())) { - defaultEnv.put("JAVA_HOME", BuildParams.getRuntimeJavaHome().getAbsolutePath()); + defaultEnv.put("ES_JAVA_HOME", BuildParams.getRuntimeJavaHome().getAbsolutePath()); } defaultEnv.put("ES_PATH_CONF", configFile.getParent().toString()); String systemPropertiesString = ""; diff --git a/distribution/src/bin/elasticsearch-env b/distribution/src/bin/elasticsearch-env index cb3865f92c63..59d15b36d626 100644 --- a/distribution/src/bin/elasticsearch-env +++ b/distribution/src/bin/elasticsearch-env @@ -36,23 +36,29 @@ ES_HOME=`dirname "$ES_HOME"` ES_CLASSPATH="$ES_HOME/lib/*" # now set the path to java -if [ ! -z "$JAVA_HOME" ]; then +if [ ! -z "$ES_JAVA_HOME" ]; then + JAVA="$ES_JAVA_HOME/bin/java" + JAVA_TYPE="ES_JAVA_HOME" +elif [ ! -z "$JAVA_HOME" ]; then + # fallback to JAVA_HOME + echo "warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME" >&2 JAVA="$JAVA_HOME/bin/java" JAVA_TYPE="JAVA_HOME" else + # use the bundled JDK (default) if [ "$(uname -s)" = "Darwin" ]; then # macOS has a different structure JAVA="$ES_HOME/jdk.app/Contents/Home/bin/java" else JAVA="$ES_HOME/jdk/bin/java" fi - JAVA_TYPE="bundled jdk" + JAVA_TYPE="bundled JDK" fi if [ ! -x "$JAVA" ]; then - echo "could not find java in $JAVA_TYPE at $JAVA" >&2 - exit 1 - fi + echo "could not find java in $JAVA_TYPE at $JAVA" >&2 + exit 1 +fi # do not let JAVA_TOOL_OPTIONS slip in (as the JVM does by default) if [ ! -z "$JAVA_TOOL_OPTIONS" ]; then diff --git a/distribution/src/bin/elasticsearch-env.bat b/distribution/src/bin/elasticsearch-env.bat index 02f85ef118ac..99b624d634df 100644 --- a/distribution/src/bin/elasticsearch-env.bat +++ b/distribution/src/bin/elasticsearch-env.bat @@ -40,16 +40,23 @@ if "%1" == "nojava" ( exit /b ) -rem compariing to empty string makes this equivalent to bash -v check on env var +rem comparing to empty string makes this equivalent to bash -v check on env var rem and allows to effectively force use of the bundled jdk when launching ES rem by setting JAVA_HOME= -if "%JAVA_HOME%" == "" ( - set JAVA="%ES_HOME%\jdk\bin\java.exe" - set "JAVA_HOME=%ES_HOME%\jdk" - set JAVA_TYPE=bundled jdk -) else ( +if defined ES_JAVA_HOME ( + set JAVA="%ES_JAVA_HOME%\bin\java.exe" + set JAVA_TYPE=ES_JAVA_HOME +) else if defined JAVA_HOME ( + rem fallback to JAVA_HOME + echo "warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME" >&2 set JAVA="%JAVA_HOME%\bin\java.exe" + set "ES_JAVA_HOME=%JAVA_HOME%" set JAVA_TYPE=JAVA_HOME +) else ( + rem use the bundled JDK (default) + set JAVA="%ES_HOME%\jdk\bin\java.exe" + set "ES_JAVA_HOME=%ES_HOME%\jdk" + set JAVA_TYPE=bundled JDK ) if not exist !JAVA! ( diff --git a/distribution/src/bin/elasticsearch-service.bat b/distribution/src/bin/elasticsearch-service.bat index 0e8a09c7c6e0..4bceeeb02c38 100644 --- a/distribution/src/bin/elasticsearch-service.bat +++ b/distribution/src/bin/elasticsearch-service.bat @@ -88,20 +88,20 @@ goto:eof :doInstall echo Installing service : "%SERVICE_ID%" -echo Using JAVA_HOME (%ARCH%): "%JAVA_HOME%" +echo Using ES_JAVA_HOME (%ARCH%): "%ES_JAVA_HOME%" rem Check JVM server dll first -if exist "%JAVA_HOME%\jre\bin\server\jvm.dll" ( +if exist "%ES_JAVA_HOME%\jre\bin\server\jvm.dll" ( set JVM_DLL=\jre\bin\server\jvm.dll goto foundJVM ) rem Check 'server' JRE (JRE installed on Windows Server) -if exist "%JAVA_HOME%\bin\server\jvm.dll" ( +if exist "%ES_JAVA_HOME%\bin\server\jvm.dll" ( set JVM_DLL=\bin\server\jvm.dll goto foundJVM ) else ( - echo JAVA_HOME ("%JAVA_HOME%"^) points to an invalid Java installation (no jvm.dll found in "%JAVA_HOME%\jre\bin\server" or "%JAVA_HOME%\bin\server"^). Exiting... + echo ES_JAVA_HOME ("%ES_JAVA_HOME%"^) points to an invalid Java installation (no jvm.dll found in "%ES_JAVA_HOME%\jre\bin\server" or "%ES_JAVA_HOME%\bin\server"^). Exiting... goto:eof ) @@ -207,7 +207,7 @@ if not "%SERVICE_USERNAME%" == "" ( set SERVICE_PARAMS=%SERVICE_PARAMS% --ServiceUser "%SERVICE_USERNAME%" --ServicePassword "%SERVICE_PASSWORD%" ) ) -"%EXECUTABLE%" //IS//%SERVICE_ID% --Startup %ES_START_TYPE% --StopTimeout %ES_STOP_TIMEOUT% --StartClass org.elasticsearch.bootstrap.Elasticsearch --StartMethod main ++StartParams --quiet --StopClass org.elasticsearch.bootstrap.Elasticsearch --StopMethod close --Classpath "%ES_CLASSPATH%" --JvmMs %JVM_MS% --JvmMx %JVM_MX% --JvmSs %JVM_SS% --JvmOptions %OTHER_JAVA_OPTS% ++JvmOptions %ES_PARAMS% %LOG_OPTS% --PidFile "%SERVICE_ID%.pid" --DisplayName "%SERVICE_DISPLAY_NAME%" --Description "%SERVICE_DESCRIPTION%" --Jvm "%JAVA_HOME%%JVM_DLL%" --StartMode jvm --StopMode jvm --StartPath "%ES_HOME%" %SERVICE_PARAMS% ++Environment HOSTNAME="%%COMPUTERNAME%%" +"%EXECUTABLE%" //IS//%SERVICE_ID% --Startup %ES_START_TYPE% --StopTimeout %ES_STOP_TIMEOUT% --StartClass org.elasticsearch.bootstrap.Elasticsearch --StartMethod main ++StartParams --quiet --StopClass org.elasticsearch.bootstrap.Elasticsearch --StopMethod close --Classpath "%ES_CLASSPATH%" --JvmMs %JVM_MS% --JvmMx %JVM_MX% --JvmSs %JVM_SS% --JvmOptions %OTHER_JAVA_OPTS% ++JvmOptions %ES_PARAMS% %LOG_OPTS% --PidFile "%SERVICE_ID%.pid" --DisplayName "%SERVICE_DISPLAY_NAME%" --Description "%SERVICE_DESCRIPTION%" --Jvm "%ES_JAVA_HOME%%JVM_DLL%" --StartMode jvm --StopMode jvm --StartPath "%ES_HOME%" %SERVICE_PARAMS% ++Environment HOSTNAME="%%COMPUTERNAME%%" if not errorlevel 1 goto installed echo Failed installing '%SERVICE_ID%' service @@ -219,7 +219,7 @@ echo The service '%SERVICE_ID%' has been installed. goto:eof :err -echo JAVA_HOME environment variable must be set! +echo ES_JAVA_HOME environment variable must be set! pause goto:eof diff --git a/docs/reference/setup.asciidoc b/docs/reference/setup.asciidoc index be68cd09a84c..7817d1ffdebd 100644 --- a/docs/reference/setup.asciidoc +++ b/docs/reference/setup.asciidoc @@ -28,7 +28,7 @@ https://openjdk.java.net[OpenJDK] from the JDK maintainers (GPLv2+CE) within each distribution. The bundled JVM is the recommended JVM and is located within the `jdk` directory of the Elasticsearch home directory. -To use your own version of Java, set the `JAVA_HOME` environment variable. +To use your own version of Java, set the `ES_JAVA_HOME` environment variable. If you must use a version of Java that is different from the bundled JVM, we recommend using a link:/support/matrix[supported] https://www.oracle.com/technetwork/java/eol-135779.html[LTS version of Java]. diff --git a/docs/reference/setup/install/deb.asciidoc b/docs/reference/setup/install/deb.asciidoc index 914390221dbb..5ead757b9abd 100644 --- a/docs/reference/setup/install/deb.asciidoc +++ b/docs/reference/setup/install/deb.asciidoc @@ -198,7 +198,7 @@ locations for a Debian-based system: | jdk | The bundled Java Development Kit used to run Elasticsearch. Can - be overridden by setting the `JAVA_HOME` environment variable + be overridden by setting the `ES_JAVA_HOME` environment variable in `/etc/default/elasticsearch`. | /usr/share/elasticsearch/jdk d| diff --git a/docs/reference/setup/install/rpm.asciidoc b/docs/reference/setup/install/rpm.asciidoc index bbbaebfcd108..761d9c4eef6d 100644 --- a/docs/reference/setup/install/rpm.asciidoc +++ b/docs/reference/setup/install/rpm.asciidoc @@ -191,7 +191,7 @@ locations for an RPM-based system: | jdk | The bundled Java Development Kit used to run Elasticsearch. Can - be overridden by setting the `JAVA_HOME` environment variable + be overridden by setting the `ES_JAVA_HOME` environment variable in `/etc/sysconfig/elasticsearch`. | /usr/share/elasticsearch/jdk d| diff --git a/docs/reference/setup/install/sysconfig-file.asciidoc b/docs/reference/setup/install/sysconfig-file.asciidoc index 3996f69636bd..9a1a06ef2f33 100644 --- a/docs/reference/setup/install/sysconfig-file.asciidoc +++ b/docs/reference/setup/install/sysconfig-file.asciidoc @@ -1,5 +1,5 @@ [horizontal] -`JAVA_HOME`:: +`ES_JAVA_HOME`:: Set a custom Java path to be used. diff --git a/docs/reference/setup/install/zip-windows.asciidoc b/docs/reference/setup/install/zip-windows.asciidoc index 9044fb8689f0..98a59814a0b0 100644 --- a/docs/reference/setup/install/zip-windows.asciidoc +++ b/docs/reference/setup/install/zip-windows.asciidoc @@ -120,24 +120,24 @@ The commands available are: `manager`:: Start a GUI for managing the installed service -The name of the service and the value of `JAVA_HOME` will be made available during install: +The name of the service and the value of `ES_JAVA_HOME` will be made available during install: ["source","sh",subs="attributes"] -------------------------------------------------- c:\elasticsearch-{version}{backslash}bin>elasticsearch-service.bat install Installing service : "elasticsearch-service-x64" -Using JAVA_HOME (64-bit): "c:\jvm\jdk1.8" +Using ES_JAVA_HOME (64-bit): "c:\jvm\jdk1.8" The service 'elasticsearch-service-x64' has been installed. -------------------------------------------------- NOTE: While a JRE can be used for the Elasticsearch service, due to its use of a client VM (as opposed to a server JVM which offers better performance for long-running applications) its usage is discouraged and a warning will be issued. -NOTE: The system environment variable `JAVA_HOME` should be set to the path to -the JDK installation that you want the service to use. If you upgrade the JDK, -you are not required to the reinstall the service but you must set the value of -the system environment variable `JAVA_HOME` to the path to the new JDK -installation. However, upgrading across JVM types (e.g. JRE versus SE) is not -supported, and does require the service to be reinstalled. +NOTE: The system environment variable `ES_JAVA_HOME` should be set to the path +to the JDK installation that you want the service to use. If you upgrade the +JDK, you are not required to the reinstall the service but you must set the +value of the system environment variable `ES_JAVA_HOME` to the path to the new +JDK installation. However, upgrading across JVM types (e.g. JRE versus SE) is +not supported, and does require the service to be reinstalled. [[windows-service-settings]] [discrete] @@ -167,7 +167,7 @@ The Elasticsearch service can be configured prior to installation by setting the The description of the service. Defaults to `Elasticsearch Windows Service - https://elastic.co`. -`JAVA_HOME`:: +`ES_JAVA_HOME`:: The installation directory of the desired JVM to run the service under. diff --git a/modules/reindex/build.gradle b/modules/reindex/build.gradle index 2efecfc6e8c8..1e6b55c685e0 100644 --- a/modules/reindex/build.gradle +++ b/modules/reindex/build.gradle @@ -137,6 +137,7 @@ if (Os.isFamily(Os.FAMILY_WINDOWS)) { dependsOn unzip executable = "${BuildParams.runtimeJavaHome}/bin/java" env 'CLASSPATH', "${-> project.configurations.oldesFixture.asPath}" + // old versions of Elasticsearch need JAVA_HOME env 'JAVA_HOME', jdks.legacy.javaHomePath args 'oldes.OldElasticsearch', baseDir, diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/test/ArchiveTests.java b/qa/os/src/test/java/org/elasticsearch/packaging/test/ArchiveTests.java index 786346266fb9..07a0800fe273 100644 --- a/qa/os/src/test/java/org/elasticsearch/packaging/test/ArchiveTests.java +++ b/qa/os/src/test/java/org/elasticsearch/packaging/test/ArchiveTests.java @@ -62,7 +62,7 @@ public class ArchiveTests extends PackagingTestCase { public void test30MissingBundledJdk() throws Exception { final Installation.Executables bin = installation.executables(); - sh.getEnv().remove("JAVA_HOME"); + sh.getEnv().remove("ES_JAVA_HOME"); final Path relocatedJdk = installation.bundledJdk.getParent().resolve("jdk.relocated"); @@ -73,7 +73,7 @@ public class ArchiveTests extends PackagingTestCase { // ask for elasticsearch version to quickly exit if java is actually found (ie test failure) final Result runResult = sh.runIgnoreExitCode(bin.elasticsearch.toString() + " -v"); assertThat(runResult.exitCode, is(1)); - assertThat(runResult.stderr, containsString("could not find java in bundled jdk")); + assertThat(runResult.stderr, containsString("could not find java in bundled JDK")); } finally { if (distribution().hasJdk) { mv(relocatedJdk, installation.bundledJdk); @@ -83,13 +83,12 @@ public class ArchiveTests extends PackagingTestCase { public void test31BadJavaHome() throws Exception { final Installation.Executables bin = installation.executables(); - sh.getEnv().put("JAVA_HOME", "doesnotexist"); + sh.getEnv().put("ES_JAVA_HOME", "doesnotexist"); // ask for elasticsearch version to quickly exit if java is actually found (ie test failure) final Result runResult = sh.runIgnoreExitCode(bin.elasticsearch.toString() + " -V"); assertThat(runResult.exitCode, is(1)); - assertThat(runResult.stderr, containsString("could not find java in JAVA_HOME")); - + assertThat(runResult.stderr, containsString("could not find java in ES_JAVA_HOME")); } public void test32SpecialCharactersInJdkPath() throws Exception { @@ -97,7 +96,7 @@ public class ArchiveTests extends PackagingTestCase { assumeTrue("Only run this test when we know where the JDK is.", distribution().hasJdk); final Path relocatedJdk = installation.bundledJdk.getParent().resolve("a (special) path"); - sh.getEnv().put("JAVA_HOME", relocatedJdk.toString()); + sh.getEnv().put("ES_JAVA_HOME", relocatedJdk.toString()); try { mv(installation.bundledJdk, relocatedJdk); @@ -130,24 +129,76 @@ public class ArchiveTests extends PackagingTestCase { stopElasticsearch(); } - public void test51JavaHomeOverride() throws Exception { + public void test51EsJavaHomeOverride() throws Exception { Platforms.onLinux(() -> { String systemJavaHome1 = sh.run("echo $SYSTEM_JAVA_HOME").stdout.trim(); - sh.getEnv().put("JAVA_HOME", systemJavaHome1); + sh.getEnv().put("ES_JAVA_HOME", systemJavaHome1); }); Platforms.onWindows(() -> { final String systemJavaHome1 = sh.run("$Env:SYSTEM_JAVA_HOME").stdout.trim(); - sh.getEnv().put("JAVA_HOME", systemJavaHome1); + sh.getEnv().put("ES_JAVA_HOME", systemJavaHome1); }); startElasticsearch(); ServerUtils.runElasticsearchTests(); stopElasticsearch(); + String systemJavaHome1 = sh.getEnv().get("ES_JAVA_HOME"); + assertThat(FileUtils.slurpAllLogs(installation.logs, "elasticsearch.log", "*.log.gz"), containsString(systemJavaHome1)); + } + + public void test51JavaHomeOverride() throws Exception { + Platforms.onLinux(() -> { + String systemJavaHome1 = sh.run("echo $SYSTEM_JAVA_HOME").stdout.trim(); + sh.getEnv().put("JAVA_HOME", systemJavaHome1); + // ensure that ES_JAVA_HOME is not set for the test + sh.getEnv().remove("ES_JAVA_HOME"); + }); + Platforms.onWindows(() -> { + final String systemJavaHome1 = sh.run("$Env:SYSTEM_JAVA_HOME").stdout.trim(); + sh.getEnv().put("JAVA_HOME", systemJavaHome1); + // ensure that ES_JAVA_HOME is not set for the test + sh.getEnv().remove("ES_JAVA_HOME"); + }); + + final Installation.Executables bin = installation.executables(); + final Result runResult = sh.run(bin.elasticsearch.toString() + " -V"); + assertThat(runResult.stderr, containsString("warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME")); + + startElasticsearch(); + ServerUtils.runElasticsearchTests(); + stopElasticsearch(); + String systemJavaHome1 = sh.getEnv().get("JAVA_HOME"); assertThat(FileUtils.slurpAllLogs(installation.logs, "elasticsearch.log", "*.log.gz"), containsString(systemJavaHome1)); } + public void test51EsJavaHomeOverrideOverridesJavaHome() throws Exception { + Platforms.onLinux(() -> { + String systemJavaHome1 = sh.run("echo $SYSTEM_JAVA_HOME").stdout.trim(); + sh.getEnv().put("ES_JAVA_HOME", systemJavaHome1); + // deliberately set to a location that does not exist, if ES_JAVA_HOME takes precedence this is ignored + sh.getEnv().put("JAVA_HOME", "doesnotexist"); + }); + Platforms.onWindows(() -> { + final String systemJavaHome1 = sh.run("$Env:SYSTEM_JAVA_HOME").stdout.trim(); + sh.getEnv().put("ES_JAVA_HOME", systemJavaHome1); + // deliberately set to a location that does not exist, if ES_JAVA_HOME takes precedence this is ignored + sh.getEnv().put("JAVA_HOME", "doesnotexist"); + }); + + final Installation.Executables bin = installation.executables(); + final Result runResult = sh.run(bin.elasticsearch.toString() + " -V"); + assertThat(runResult.stderr, not(containsString("warning: usage of JAVA_HOME is deprecated, use ES_JAVA_HOME"))); + + startElasticsearch(); + ServerUtils.runElasticsearchTests(); + stopElasticsearch(); + + String systemJavaHome1 = sh.getEnv().get("ES_JAVA_HOME"); + assertThat(FileUtils.slurpAllLogs(installation.logs, "elasticsearch.log", "*.log.gz"), containsString(systemJavaHome1)); + } + public void test52BundledJdkRemoved() throws Exception { assumeThat(distribution().hasJdk, is(true)); @@ -156,18 +207,18 @@ public class ArchiveTests extends PackagingTestCase { mv(installation.bundledJdk, relocatedJdk); Platforms.onLinux(() -> { String systemJavaHome1 = sh.run("echo $SYSTEM_JAVA_HOME").stdout.trim(); - sh.getEnv().put("JAVA_HOME", systemJavaHome1); + sh.getEnv().put("ES_JAVA_HOME", systemJavaHome1); }); Platforms.onWindows(() -> { final String systemJavaHome1 = sh.run("$Env:SYSTEM_JAVA_HOME").stdout.trim(); - sh.getEnv().put("JAVA_HOME", systemJavaHome1); + sh.getEnv().put("ES_JAVA_HOME", systemJavaHome1); }); startElasticsearch(); ServerUtils.runElasticsearchTests(); stopElasticsearch(); - String systemJavaHome1 = sh.getEnv().get("JAVA_HOME"); + String systemJavaHome1 = sh.getEnv().get("ES_JAVA_HOME"); assertThat(FileUtils.slurpAllLogs(installation.logs, "elasticsearch.log", "*.log.gz"), containsString(systemJavaHome1)); } finally { mv(relocatedJdk, installation.bundledJdk); @@ -181,7 +232,7 @@ public class ArchiveTests extends PackagingTestCase { // once windows 2012 is no longer supported and powershell 5.0 is always available we can change this command sh.run("cmd /c mklink /D '" + javaPath + "' $Env:SYSTEM_JAVA_HOME"); - sh.getEnv().put("JAVA_HOME", "C:\\Program Files (x86)\\java"); + sh.getEnv().put("ES_JAVA_HOME", "C:\\Program Files (x86)\\java"); // verify ES can start, stop and run plugin list startElasticsearch(); @@ -206,7 +257,7 @@ public class ArchiveTests extends PackagingTestCase { try { final String systemJavaHome = sh.run("echo $SYSTEM_JAVA_HOME").stdout.trim(); sh.run("ln -s \"" + systemJavaHome + "\" \"" + testJavaHome + "\""); - sh.getEnv().put("JAVA_HOME", testJavaHome); + sh.getEnv().put("ES_JAVA_HOME", testJavaHome); // verify ES can start, stop and run plugin list startElasticsearch(); @@ -227,7 +278,7 @@ public class ArchiveTests extends PackagingTestCase { // cleanup from previous test rm(installation.config("elasticsearch.keystore")); - sh.getEnv().put("JAVA_HOME", ""); + sh.getEnv().put("ES_JAVA_HOME", ""); startElasticsearch(); ServerUtils.runElasticsearchTests(); diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/test/PackageTests.java b/qa/os/src/test/java/org/elasticsearch/packaging/test/PackageTests.java index 5732d547d7ab..88111e8b8284 100644 --- a/qa/os/src/test/java/org/elasticsearch/packaging/test/PackageTests.java +++ b/qa/os/src/test/java/org/elasticsearch/packaging/test/PackageTests.java @@ -83,7 +83,7 @@ public class PackageTests extends PackagingTestCase { private void assertRunsWithJavaHome() throws Exception { byte[] originalEnvFile = Files.readAllBytes(installation.envFile); try { - Files.write(installation.envFile, List.of("JAVA_HOME=" + systemJavaHome), APPEND); + Files.write(installation.envFile, List.of("ES_JAVA_HOME=" + systemJavaHome), APPEND); startElasticsearch(); runElasticsearchTests(); stopElasticsearch(); diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/test/PackagingTestCase.java b/qa/os/src/test/java/org/elasticsearch/packaging/test/PackagingTestCase.java index 7ca448dd5d76..52c68e64e833 100644 --- a/qa/os/src/test/java/org/elasticsearch/packaging/test/PackagingTestCase.java +++ b/qa/os/src/test/java/org/elasticsearch/packaging/test/PackagingTestCase.java @@ -161,8 +161,8 @@ public abstract class PackagingTestCase extends Assert { sh.reset(); if (distribution().hasJdk == false) { - Platforms.onLinux(() -> sh.getEnv().put("JAVA_HOME", systemJavaHome)); - Platforms.onWindows(() -> sh.getEnv().put("JAVA_HOME", systemJavaHome)); + Platforms.onLinux(() -> sh.getEnv().put("ES_JAVA_HOME", systemJavaHome)); + Platforms.onWindows(() -> sh.getEnv().put("ES_JAVA_HOME", systemJavaHome)); } if (installation != null && distribution.isDocker() == false) { setHeap("1g"); diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/test/WindowsServiceTests.java b/qa/os/src/test/java/org/elasticsearch/packaging/test/WindowsServiceTests.java index 538c4e305bd9..24f6f63f3a52 100644 --- a/qa/os/src/test/java/org/elasticsearch/packaging/test/WindowsServiceTests.java +++ b/qa/os/src/test/java/org/elasticsearch/packaging/test/WindowsServiceTests.java @@ -118,17 +118,17 @@ public class WindowsServiceTests extends PackagingTestCase { mv(installation.bundledJdk, relocatedJdk); Result result = sh.runIgnoreExitCode(serviceScript + " install"); assertThat(result.exitCode, equalTo(1)); - assertThat(result.stderr, containsString("could not find java in bundled jdk")); + assertThat(result.stderr, containsString("could not find java in bundled JDK")); } finally { mv(relocatedJdk, installation.bundledJdk); } } public void test14InstallBadJavaHome() throws IOException { - sh.getEnv().put("JAVA_HOME", "doesnotexist"); + sh.getEnv().put("ES_JAVA_HOME", "doesnotexist"); Result result = sh.runIgnoreExitCode(serviceScript + " install"); assertThat(result.exitCode, equalTo(1)); - assertThat(result.stderr, containsString("could not find java in JAVA_HOME")); + assertThat(result.stderr, containsString("could not find java in ES_JAVA_HOME")); } public void test15RemoveNotInstalled() { @@ -139,7 +139,7 @@ public class WindowsServiceTests extends PackagingTestCase { public void test16InstallSpecialCharactersInJdkPath() throws IOException { assumeTrue("Only run this test when we know where the JDK is.", distribution().hasJdk); final Path relocatedJdk = installation.bundledJdk.getParent().resolve("a (special) jdk"); - sh.getEnv().put("JAVA_HOME", relocatedJdk.toString()); + sh.getEnv().put("ES_JAVA_HOME", relocatedJdk.toString()); try { mv(installation.bundledJdk, relocatedJdk); @@ -227,9 +227,9 @@ public class WindowsServiceTests extends PackagingTestCase { try { mv(installation.bundledJdk, relocatedJdk); - sh.getEnv().put("JAVA_HOME", relocatedJdk.toString()); + sh.getEnv().put("ES_JAVA_HOME", relocatedJdk.toString()); assertCommand(serviceScript + " install"); - sh.getEnv().remove("JAVA_HOME"); + sh.getEnv().remove("ES_JAVA_HOME"); assertCommand(serviceScript + " start"); assertStartedAndStop(); } finally { diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/util/Packages.java b/qa/os/src/test/java/org/elasticsearch/packaging/util/Packages.java index c8629bc437ce..452cc02d1c85 100644 --- a/qa/os/src/test/java/org/elasticsearch/packaging/util/Packages.java +++ b/qa/os/src/test/java/org/elasticsearch/packaging/util/Packages.java @@ -77,7 +77,7 @@ public class Packages { public static Installation installPackage(Shell sh, Distribution distribution) throws IOException { String systemJavaHome = sh.run("echo $SYSTEM_JAVA_HOME").stdout.trim(); if (distribution.hasJdk == false) { - sh.getEnv().put("JAVA_HOME", systemJavaHome); + sh.getEnv().put("ES_JAVA_HOME", systemJavaHome); } final Result result = runPackageManager(distribution, sh, PackageManagerCommand.INSTALL); if (result.exitCode != 0) { @@ -87,7 +87,7 @@ public class Packages { Installation installation = Installation.ofPackage(sh, distribution); if (distribution.hasJdk == false) { - Files.write(installation.envFile, List.of("JAVA_HOME=" + systemJavaHome), StandardOpenOption.APPEND); + Files.write(installation.envFile, List.of("ES_JAVA_HOME=" + systemJavaHome), StandardOpenOption.APPEND); } return installation; } diff --git a/qa/os/src/test/java/org/elasticsearch/packaging/util/Shell.java b/qa/os/src/test/java/org/elasticsearch/packaging/util/Shell.java index 49651e1126df..b25c803f8690 100644 --- a/qa/os/src/test/java/org/elasticsearch/packaging/util/Shell.java +++ b/qa/os/src/test/java/org/elasticsearch/packaging/util/Shell.java @@ -155,7 +155,8 @@ public class Shell { if (workingDirectory != null) { setWorkingDirectory(builder, workingDirectory); } - builder.environment().keySet().remove("JAVA_HOME"); // start with a fresh environment + builder.environment().keySet().remove("ES_JAVA_HOME"); // start with a fresh environment + builder.environment().keySet().remove("JAVA_HOME"); for (Map.Entry entry : env.entrySet()) { builder.environment().put(entry.getKey(), entry.getValue()); } diff --git a/x-pack/docs/en/security/fips-140-compliance.asciidoc b/x-pack/docs/en/security/fips-140-compliance.asciidoc index 6e087797bb4d..b458d41fda86 100644 --- a/x-pack/docs/en/security/fips-140-compliance.asciidoc +++ b/x-pack/docs/en/security/fips-140-compliance.asciidoc @@ -153,8 +153,8 @@ features are not available while running in FIPS 140-2 mode. The list is as foll * Ingest Attachment Plugin * The <> tool. However, `elasticsearch-certutil` can very well be used in a non FIPS 140-2 - configured JVM (pointing `JAVA_HOME` environment variable to a different java - installation) in order to generate the keys and certificates that + configured JVM (pointing `ES_JAVA_HOME` environment variable to a different + java installation) in order to generate the keys and certificates that can be later used in the FIPS 140-2 configured JVM. * The SQL CLI client cannot run in a FIPS 140-2 configured JVM while using TLS for transport security or PKI for client authentication.